also sprach Santiago Vila <firstname.lastname@example.org> [2004.12.14.0137 +0100]: > No, not again. Please google a little bit more before proposing > things. For example, read the complete logs for Bug #35504. I read the complete log, and I read the thread at http://lists.debian.org/debian-policy/2000/01/msg00273.html However, where's the consensus. Having 2775:root:adm is stupid, I agree. But where's the real argument against 2755:root:adm? It seems that Debian wants to take the "allow everything unless prohibited" approach to log files. The common approach given today's security requirements is the opposite, "allow nothing unless permitted". If Debian wants to go the first path, why not enable the standard inetd services throughout, to give just one example? Why not turn off rp_filter? Why not add every new user to the staff group? Why not make new homedirectories 775? Sorry, but I truly do not see a "consensus" here. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <email@example.com> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Description: Digital signature